05-23-2014 12:00 AM - edited 05-23-2014 12:00 AM
Hi everyone I have a problem with client authentication. I want to allow domain clients to authenticate to the internal vlan on the 10.1.150 network. If the client is not a domain member then it should be placed onto the guest network 192.168.1. I have enabled Enforce Machine Authentication and set the Default machine role to authenticated and the Default User Role to 802.1xUser (guest role). My problem is that some non-domain member clients are being given the internal vlan on the 10.1.150 network even though they have been placed into the 802.1xUser role. I have attached an image, the circles in red indicate wrong subnet green is correct. Any ideas? 7210 Controller OS version 220.127.116.11 Thanks
Solved! Go to Solution.
05-23-2014 12:27 AM
The Auth Type would suggest that particular user is getting the 802.1X Authentication Default Role from the AAA profile and not the default user role under Machine Authentication. Are there differences in the device type?
05-23-2014 12:30 AM
so i belive you are usign RBV (role based VLAN). in 18.104.22.168, we have found a bug with RVB and it is fixed in 22.214.171.124.
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.